How to prevent spammers from using your domain

Most people don’t like spam. It clutters up the inbox with unnecessary junk, and takes away the focus from legitimate mails.

If you have your own domain like me, it gets even worse. Spammers have claimed to send mail from klungvik.com. This is visible when the “From”-field looks something like “seek_viagra@klungvik.com”, but the mail is not sent from me or are a legitimate email adress in my domain. A mail contain a header that provides information about the mail itself, where the mail was sent from, date etc. This is how a mail header look like:

Spammers put a fictitious email address in the From-field which is useless if we want to find the real source of the spam. When pressing “reply” on a mail, the Reply-To field is used and is the email address of the spammer.

There is a way to prevent spammers from using your domain. It’s called SPF records and are set in the DNS. The DNS settings are set by your web host provider or you can do it yourself if your web hosting company provide that capability. I will not explain what DNS records are and the technical details behind it. This posting is more to tell you about what it is, and how it works.

Let’s take a look at the current DNS records of klungvik.com:

The values from a DNS lookup on klungvik.com

I’m using subsys.no as my hosting service (pretty happy with their support and service by the way). The MX record tells where the mail server I use is located. When a mail is sent to helene @ klungvik . com, the mail server does a DNS lookup on klungvik.com and locates the MX record. All mail I receive is therefore sent to server6.subsys.no, before ending up in my mailbox.

So how does the SPF record work and how can that prevent spammers from using my domain?

SPF records allow the domain owner to specify what servers all mail from it’s domain will originate from. So if a mail is not sent from one of the specified domains, it will be marked as spam. The SPF record for klungvik.com are located in the TXT record and looks like this: “v=spf1 a mx ~all”.

a = address records that will match the senders address.
mx = mail server
~all = the qualifier, ~all means that mail sent from other servers will be accepted, but be marked (which usually means that the receiver will get the mail, but the mail will end up in the junk/spam folder).

All valid mail from klungvik.com will therefore be sent from any of these IP addresses/servers: 85.19.71.170 (which is server6.subsys.no), 213.180.83.177 and 85.19.71.162.

So how does the mail server use the SPF-record?

The mail server receives a mail. It takes a look at the “Received”-field which contains an IP-address: 235.16.47.37. The mail server does a DNS lookup on klungvik.com. and checks if the ip-address corresponds to any of the servers specified in the SPF-record for klungvik.com. Since 235.16.47.37 is not listed among the valid mail servers, it will be marked as spam.

There is some pitfalls to be aware of when specifying SPF-record for a domain:

1. You have to be conscious of where you send mail from. You can’t send mail from any other servers than specified in the SPF-record, or it will be marked as spam (and either not be received, or end up in a spam folder).

2. Forwarding of received mail can result in the mail be marked as spam.

The spammers stay shy of domains that have specified SPF-records, since they know that any mail will automatically be marked as spam. It also ensures that legitimate mails (like those I send), will be received.